Securing Your Valuable Responses
We understand that your RFP responses contain potentially-sensitive information. We take this very
seriously and have implemented the following to ensure the security and integrity of your data:
- Data access only through backend application services - no direct DB access
- Customer data separated logically with hidden org id
- SSL Security certificate for HTTPS web access
- Dedicated DB available (at additional cost)
- IP restriction option
- Configurable pass word strength
- Permissions granted buffet-style or with Roles
- User accounts locked after 5 failed login attempts
- User and Entry audit trail logging
- Configurable user session timeout
Set Granular User Permissions
Users and Roles can be created with any combination of the following permissions.
- Read RFP entries
- Author RFP entries
- Edit RFP entries
- Delete RFP entries
- Assign Drafts
- Approve RFP entries (includes Reject)
- Define entry grouping/categorization
- Edit users (includes Delete & Clone)
- Edit self
- Export
- Edit account settings
- Brand user interface
- Trusted User
- Access Projects

New accounts are prepopulated with these User Roles: You can use them as is, or modify them and add new ones to match your access needs.
BasicUser - Basic users can search the repository, maintain their own profile, and preferences and access
the Projects module. This is sufficient for users who are consumers of the compiled information and do not need to (or are not
trusted to) edit or create the RFP response entries.
Author/Approver - Users who will be responsible for ensuring the quality of the RFP response entries
will need Read, Author, Edit, Delete, Approve, and Edit Self rights.
This set of permissions allows full control over the RFP entries, but not to organizational settings.
Admin-Only - An account administrator needs access to Grouping setup, Edit Users, Edit
Self, Brand Interface, and Edit Acct Settings.
SuperUser - Super Users can do it all - Author, search, edit, and approve content; create and edit
other users; maintain account-wide settings and security functions.
ChannelPartner - Channel Partners can
search, and suggest new content, but can't approve it.
Results of their searches are filtered against the 'Internal
Only' flag, allowing you to restrict them to content cleared for
"outsider" eyes.
|
Dedicated Database for Your Data
Our customers' RFP data is logically separated from other customers' data by a hidden organization id.
This id is established when a user logs on and is used for all subsequent data access. The
org id is never exposed through the web interface, keeping it secure.
All data access is performed using a dedicated DB access layer within the application. The org id and a
valid session id are required for all data access. Data can not be accessed otherwise.
Client-dedicated databases are available upon request (additional fees apply) to further separate
customer data. Organizations with very large amounts of data or who are extra sensitive to
security concerns may find this option very attractive.

|
For Your Eyes Only
- Approval workflow ensures that no one sees
your RFP responses until they have been thoroughly reviewed and meet your standards.
- Draft responses can be kept private to the author. This allows users with Author
permission to maintain public and private entries. Only the author of a draft entry can
read or edit it.
- "Trusted Only" content can be accessed only by users who are marked as
Trusted. Others (including partner employees, probationary employees, or resellers) can only see
those entries approved for external consumption.
|
|
Detailed Audit Trails
Entry Audit Trail - If enabled, RFPMonkey.com tracks each time an RFP entry is added, edited,
assigned, approved, rejected, graded, or deleted. Each audit trail record includes the date, time, action, entry ID,
and associated user ID and username.
User Audit Trail - Logging user activity can be set to various levels. The minimum logging level tracks
Log In and Log Out events. The maximum level tracks this, plus changes to the organization, users, preferences, RFP
entries, branding, and export functions.
|